From 5df7bc0538d8b54ed144c1d2fae51c152f28f4f3 Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 15 Aug 2005 16:04:39 +0000 Subject: [PATCH] Remove sub-zone exclusion feature in preparation for implementing true exclude lists git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2492 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/firewall | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/Shorewall/firewall b/Shorewall/firewall index 55a0ae2ee..22d67b685 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -4707,10 +4707,6 @@ add_nat_rule() { target1="REDIRECT --to-port $servport" fi - if [ $source = $FW ]; then - [ -n "$excludezones" ] && fatal_error "Invalid Source in rule \"$rule\"" - fi - # Generate nat table rules if [ $COMMAND != check ]; then @@ -4738,20 +4734,13 @@ add_nat_rule() { done fi else - if [ -n "${excludezones}${excludedests}" ]; then + if [ -n "${excludedests}" ]; then build_exclusion_chain chain nat "" $excludedests for adr in $(separate_list $addr); do addnatrule $(dnat_chain $source) $cli $proto $multiport $sports $dports $(dest_ip_range $adr) -j $chain done - for z in $(separate_list $excludezones); do - eval hosts=\$${z}_hosts - for host in $hosts; do - addnatrule $chain $(match_source_hosts ${host#*:}) -j RETURN - done - done - if [ -n "$loglevel" ]; then log_rule_limit $loglevel $chain $(dnat_chain $source) $logtarget "$ratelimit" "$logtag" -A -t nat fi @@ -5242,21 +5231,6 @@ process_rule() # $1 = target fi fi - if [ "$clientzone" = "${clientzone%!*}" ]; then - excludezones= - else - excludezones="${clientzone#*!}" - clientzone="${clientzone%!*}" - - case $logtarget in - DNAT|REDIRECT|SAME) - ;; - *) - fatal_error "Exclude list only allowed with DNAT, SAME or REDIRECT" - ;; - esac - fi - validate_zone $clientzone || fatal_error "Undefined Client Zone in rule \"$rule\"" # Parse and validate destination
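Review bot: A source column still written as `zone!subzone` is no longer handled explicitly anywhere in the new code: the second hunk (add_nat_rule) drops the RETURN rules that kept the excluded hosts out of the DNAT chain, and the third hunk (process_rule) drops the `!` split, so the raw string reaches the `validate_zone $clientzone` line that appears to remain as context. Whether that fails closed depends on validate_zone, which is not visible here; if it does, the operator only sees "Undefined Client Zone" with no hint that the exclusion syntax was withdrawn. An explicit guard before that call would make the removal safe for existing rules files, for example `case "$clientzone" in *!*) fatal_error "Zone exclusion is not supported in rule \"$rule\"" ;; esac`. Both functions start and end outside the hunks, so any other reader of `$excludezones` there should be checked as well, since it would now expand to empty.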